Companies & the US Gov’t are Paying to Get Hacked! | Synack News

The increasingly common trend? Organizations are calling on “battalions of freelance hackers” to help them find and fix security bugs through bug bounty-like models. Sounds too risky a model for some, but Fast Company details how Synack’s trusted Crowd Security Intelligence model helps alleviate concerns and greatly reduce the risks of crowdsourced security testing.

In the wake of the Dept. of Defense recently awarding Synack the largest federal contract ever for crowdsourced security testing, we officially launched our Synack Government business earlier this week – coinciding with the announcement of Synack’s $2 Million contract with the IRS. This was a bit of déjà vu for our former NSA analysts-turned-Synack co-founders, Jay Kaplan and Mark Kuhr. As Mark reminded government officials at CyberCon 2016 this week: “You have to train the way you fight.” So who’s in? The DoD and the IRS so far, and we look forward to further expansion of Synack Crowd Security Intelligence for Government – full press release here!

A few weeks ago, a user of OverSight, a tool built by Synack’s Director of R&D Patrick Wardle, alerted Patrick to some “scary” behavior of Shazam on macOS detected by the tool – the microphone continues to record even when a user specifically turns it off in their app. Of course, Patrick did some reverse engineering to investigate further. Forbes summarizes his findings in “Hackers Can ‘Easily’ Turn Shazam Into An Evil Mac Spy App”; for the full analysis, head over to Patrick’s blog post.

Unfortunately, it’s the latter. And tickets for this show only cost $5. Within just 30 seconds, a $5 Raspberry Pi Zero device loaded with PoisonTap can take over a computer and install a backdoor – even when the machine is locked with a strong password. PoisonTap was released by renowned hacker Samy Kamkar – more on the tool here.

+400 Million “Friends” Seeking “Friends” Exposed

Security Stat of the Week

Move over Ashley Madison, there’s a new sex site hack in town! And this one’s MUCH bigger and better than ever, with the user information of roughly 412 Million FriendFinder accounts compromised – including ~340 Million accounts from AdultFriendFinder.com (“the world’s largest sex & swinger community”…), as well as Penthouse.com and Stripshow.com. Per WIRED, “… victims should stay tuned for any sign that the leaked data has been published in plain view—and brace for what may yet become a more serious violation of their online life.” My hot-take of the week: I’m predicting some “lively” conversation around the “adult table” this holiday season!